diff --git a/bower_components/forge/js/hmac.js b/bower_components/forge/js/hmac.js index fd3de29..46fa660 100644 --- a/bower_components/forge/js/hmac.js +++ b/bower_components/forge/js/hmac.js @@ -77,8 +77,6 @@ hmac.create = function() { } } - console.log('forge key', key); - // if key is longer than blocksize, hash it var keylen = key.length(); if(keylen > _md.blockLength) { diff --git a/bower_components/forge/js/util.js b/bower_components/forge/js/util.js index 294c41b..9708b5b 100644 --- a/bower_components/forge/js/util.js +++ b/bower_components/forge/js/util.js @@ -1602,7 +1602,14 @@ util.decode64 = function(input) { * @return the UTF-8 encoded string. */ util.encodeUtf8 = function(str) { - return unescape(encodeURIComponent(str)); + var escstr = encodeURIComponent(str); + // replaces any uri escape sequence, such as %0A, + // with binary escape, such as 0x0A + var binstr = escstr.replace(/%([0-9A-F]{2})/g, function(match, p1) { + return String.fromCharCode(parseInt(p1, 16)); + }); + + return binstr; }; /** @@ -1612,8 +1619,16 @@ util.encodeUtf8 = function(str) { * * @return the UTF-16 encoded string (standard JavaScript string). */ -util.decodeUtf8 = function(str) { - return decodeURIComponent(escape(str)); +util.decodeUtf8 = function(binstr) { + var escstr = binstr.replace(/(.)/g, function (m, p) { + var code = p.charCodeAt(0).toString(16).toUpperCase(); + if (code.length < 2) { + code = '0' + code; + } + return '%' + code; + }); + + return decodeURIComponent(escstr); }; // binary encoding/decoding tools diff --git a/phone.js b/phone.js index f3c9d2d..643d185 100644 --- a/phone.js +++ b/phone.js @@ -89,7 +89,8 @@ meta = otplink.pathname.replace(/.*\/totp\//, '').split(':'); // TODO throw if otp.issuer !== decodeURI(meta[0]) if (meta.length > 1) { - issuer = otp.issuer || decodeURI(meta[0]); + // TODO why is there an extra leading '/' on iOS webview? + issuer = otp.issuer || decodeURI(meta[0]).replace(/^\//, ''); accountName = decodeURI(meta[1]); } else { 
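Review bot: In the new `util.decodeUtf8`, the `/(.)/g` replace assumes every character is one byte: a character above 0xFF produces a three- or four-digit hex string, so `'%' + code` is read as a two-digit escape followed by literal digits and the function silently returns garbage, where the old `escape()` path failed with a URIError. `.` also skips line terminators, which only works because `\n` and `\r` happen to decode to themselves. I would match with `/([\s\S])/g` and reject non-byte input inside the callback, e.g. `if (p.charCodeAt(0) > 0xFF) { throw new Error('Invalid binary string'); }`. This hunk and the `util.encodeUtf8` hunk before it edit a copy of forge under `bower_components/`, so the patch will presumably be lost on the next install unless it is carried as a fork or sent upstream; a comment saying why `escape`/`unescape` were replaced would help whoever has to re-apply it.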
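Review bot: The leading-slash strip is applied only to `decodeURI(meta[0])` inside the `meta.length > 1` branch, so a label without an issuer prefix would presumably still carry the slash into the `else` branch, which continues outside this hunk. The extra `/` probably appears because that webview's URL parser treats `totp` as the host, leaving a pathname that the `/.*\/totp\//` replace does not match. Normalising once where `meta` is built covers both branches: `meta = otplink.pathname.replace(/.*\/totp\//, '').replace(/^\//, '').split(':');`. Separately, `decodeURI` leaves reserved escapes such as `%40` and `%3A` undecoded, so `decodeURIComponent` is the better fit for the label parts, and the existing TODO about rejecting a label issuer that differs from `otp.issuer` is still open.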
@@ -104,6 +105,7 @@ $('.js-issuer').text(issuer); $('.js-account-name').text(accountName); + Authenticator.generateToken(otp.secret).then(function (token) { $('.js-token').text(token.replace(/(\d{3})/g, '$1 ').trim()); }); diff --git a/test.js b/test.js index 184b925..723db7c 100644 --- a/test.js +++ b/test.js @@ -63,6 +63,11 @@ function generate(ke) { $('.js-verify').addEventListener('click', function () { var token = $('.js-token').value; + if (!/.*\d{3}.*\d{3}.*/.test(token)) { + window.alert("must have a 6 digit token"); + return; + } + Authenticator.verifyToken(key, token).then(function (result) { var msg; if (result) { @@ -74,6 +79,9 @@ $('.js-verify').addEventListener('click', function () { console.info('verify', msg); window.alert(msg); }, function (err) { + window.alert('[ERROR]:' + err.message); + window.alert('[ERROR]:' + err.stack); + console.error('ERROR'); console.error(err); });
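Review bot: The new guard `/.*\d{3}.*\d{3}.*/` is unanchored, so any string containing two runs of three digits passes (`abc123x4567` does), and the unmodified value is then handed to `Authenticator.verifyToken`. If the intent is six digits with an optional space, as the phone page displays them, normalise first and anchor the check: `var token = $('.js-token').value.replace(/\s+/g, '');` followed by `if (!/^\d{6}$/.test(token)) {`. Whether `verifyToken` tolerates the space itself is not visible from this hunk, and the click handler continues past it.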
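Review bot: The rejection handler now raises two blocking alerts, the second showing `err.stack`, which puts internal file paths and call frames in front of whoever is using the page; the `console.error(err)` already below keeps that detail for debugging. A single `window.alert('[ERROR]: ' + (err && err.message || err));` would also cope with a rejection value that is not an Error, where `err.message` is `undefined`. If the alerts exist only to debug a webview that has no console, a comment saying so would keep them from being copied into production code.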